
IdP Setup: Okta

What

Starting with FileWave Version 14.2.0, we can use Okta for authentication from FileWave. We must create a new application in the Okta Portal and give FileWave access to it.

When/Why

This configuration is required if you want to use Okta for authentication during device enrollment or during login to the FileWave Web and Native administrator consoles.

How

Okta Admin UI
The UI may look different depending on whether you are using a Trial Okta organization or the regular, non-Trial version of Okta.

Part 1: Login to the Okta Admin Portal

Okta Admin Portal

Begin by logging in to the Okta Admin Portal with an administrator's account. (https://example-admin.okta.com/admin)

Part 2: Create an Okta Application in the Okta Admin Portal

Create an Okta Application Integration in Okta Admin Portal

Now we are going to create an Okta application for FileWave to talk to and assign some rights to it.

  1. First, open the Okta Admin > Menu > Applications > Applications menu and click the Create App Integration button.

  2. Next, select OIDC - OpenID Connect for the Sign-in method.
    1. Select Web Application for the Application type.
    2. Check the OpenID Connect radio button.
    3. Click the Next button.


  3. Next, configure your application on the New Web App Integration page you've been redirected to.
    1. Input a meaningful name in the App integration name field.
    2. Click the Add URI button for the Sign-in redirect URIs setting.
      1. Input all of your FileWave Server's redirect URIs in the Sign-in redirect URIs setting.
        1. If you do not know your redirect URIs, put in a placeholder URI for now; it can be edited later.

          Login Redirect URIs for FileWave are displayed in the FileWave Web Admin Settings. (Log in to Web Admin > select the "⚙" [Gear/Settings icon] in the top right > Identity Provider > Setup Okta > Get URLs)

          Login Redirect URIs are unique to your server, but will look something like the following:

          https://fwxserver.example.com:443/api/auth/login_via_idp_redirect
          https://fwxserver.example.com:443/api/auth/login_via_idp_redirect_for_native  
          https://fwxserver.example.com:443/api/auth/login_via_idp_redirect_for_device  

    3. Under Assignments, choose whether you want to limit access to specific groups or integrate all users in the organization.
  4. Click the Save button to create the Okta App integration.
  5. After saving, you'll be redirected to the application's General Settings page. Next to Client Credentials, select Edit, check the box next to Proof Key for Code Exchange (PKCE), and Save.

Part 3: Configure the Okta App in FileWave

Assign Okta Users and/or Groups to the Okta App Integration

Now we are going to configure the Okta App to connect with FileWave.

  1. First, open the Okta Admin > Menu > Applications > Applications menu and select the Okta App that was created.
  2. On the Okta App > Assignments tab, click the Assign button to assign the App to specified Okta Users and/or Groups.

Configure an Okta App in the FileWave Web Admin Console

In order for FileWave to communicate with Okta for authentication, the Okta App will need to be configured with FileWave.

  1. Begin by logging into the FileWave Web Admin and open the Settings button ('⚙'/gear icon in the header).
  2. Open the Identity Provider menu in the FileWave Web Admin Settings.
  3. On the Identity Provider menu, click the Setup Okta button, or the New Identity Provider button in the top right if one has already been configured.
    1. Select Okta in the IDP Type dropdown.
    2. Input a meaningful name in the Name field.
    3. Copy the Client ID value found on the Okta page you were redirected to (Okta Admin > Menu > Applications > Okta App > General tab) and paste it in the Client ID field.

    • Input the Okta Client Secret value in the Client Secret field.


Okta Client Secret

Open the Okta Admin > Menu > Applications > Okta App > General tab, click the "reveal" button for the Client Secret, and copy the Client Secret value to a secure location.

    • Input the Okta API Token value in the API Token field.

Okta API Token

  1. In Okta, open the Okta Admin > Menu > Security > API menu and open the Tokens tab.
  2. Click the Create Token button in the Tokens tab.
  3. Input a meaningful name in the API token Name field.
  4. Click the Create Token button in the Create Token dialog, copy the API token, and store it in a secure location.

(Okta API tokens are only displayed to be copied once; make sure to store this token somewhere secure for use in the future.)

  • Copy and Paste the Token Value into the API Token field in the FileWave Admin Settings.

      Okta Domain
      1. Open the Okta Admin > Menu > Applications > Okta App > General tab and copy the Domain value to a secure location.

          (*This is an older screenshot; the current trial Okta account that I am using at the time of this KB's creation doesn't have a domain.)

        • Input the Okta Domain in the Domain field. The value in FileWave should not be saved with the "https://" portion.


       

      1. Select the Organization authorization server radio button unless you have set up a custom authorization server.
      2. Check the Enrollment checkbox if you want to use this Okta App authentication for FileWave Device enrollment.

    Only one Identity Provider can be configured for FileWave Device Enrollment authentication.

      • Check the Admin checkbox if you want to use this Okta App for FileWave Native and Web Admin console authentication.

    Only one Identity Provider App instance (Okta, Azure AD, etc.) can be configured with the Admin authentication for each type of Identity Provider.

      • Click the Create / Save button in the Identity Provider card.

    Login Redirect URLs

    In order for Okta authentication to redirect back to FileWave, the Login Redirect URLs will need to be configured in the Okta App.

    1. Start by opening the FileWave Web Admin > Settings > Identity Provider menu.
    2. Create or Edit a configured Okta Identity Provider card.
    3. Click the Get URLs button to display the dialog showing the Login Redirect URLs.

    1. Next, log in to the Okta Admin Portal and open the Okta Admin > Menu > Applications > Applications menu.
    2. Select the Okta App that was created that needs the Login Redirect URIs modified.
    3. Open the General tab for the Okta App and click the Edit button in the "General Settings" section.
    4. Copy the Login Redirect URLs from the FileWave Web Admin > Settings > Identity Provider > Okta App and paste all the Login Redirect URIs in their own rows.
    5. Click the Save button in the "General Settings" for the Okta App.
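
As an added example (not part of the FileWave documentation), a pre-flight check in Python for the two values that are easiest to get wrong in the steps above: the Okta Domain, which FileWave expects without "https://", and the Login Redirect URIs pasted into Okta. The expected paths are taken from the sample URIs on this page; the function names and hostnames are assumptions.

```python
from urllib.parse import urlsplit

# Path suffixes taken from the sample redirect URIs shown on this page (assumed stable).
EXPECTED_PATHS = {
    "/api/auth/login_via_idp_redirect",
    "/api/auth/login_via_idp_redirect_for_native",
    "/api/auth/login_via_idp_redirect_for_device",
}

def normalize_okta_domain(value):
    """Return the bare host for the FileWave Domain field (no scheme, path or slash)."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "//" + value)
    if not parts.hostname or parts.username or parts.password:
        raise ValueError(f"not a usable Okta domain: {value!r}")
    return parts.hostname.lower()

def check_redirect_uris(uris, filewave_host):
    """Return a list of problems found in the redirect URIs; empty means clean."""
    problems, seen = [], set()
    for raw in uris:
        uri = raw.strip()
        if uri != raw:
            problems.append(f"{raw!r}: leading/trailing whitespace")
        parts = urlsplit(uri)
        if parts.scheme != "https":
            problems.append(f"{uri}: scheme must be https")
        if (parts.hostname or "").lower() != filewave_host.lower():
            problems.append(f"{uri}: host is not {filewave_host}")
        if "*" in uri or parts.query or parts.fragment:
            problems.append(f"{uri}: wildcard, query or fragment present")
        if parts.path not in EXPECTED_PATHS:
            problems.append(f"{uri}: unexpected path {parts.path!r}")
        seen.add(parts.path)
    for missing in sorted(EXPECTED_PATHS - seen):
        problems.append(f"missing redirect URI for {missing}")
    return problems

# Constructed sample input (hostnames are placeholders, not real servers).
SAMPLE_URIS = [
    "https://fwxserver.example.com:443/api/auth/login_via_idp_redirect",
    "https://fwxserver.example.com:443/api/auth/login_via_idp_redirect_for_native  ",
    "http://fwxserver.example.com:443/api/auth/login_via_idp_redirect_for_device",
]

if __name__ == "__main__":
    print(normalize_okta_domain("https://example.okta.com/"))
    for line in check_redirect_uris(SAMPLE_URIS, "fwxserver.example.com"):
        print(line)
```
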

    Part 4: Configuring and Authenticating with Okta Users

    Configure an Okta Identity Provider for Authentication

    An Okta App will need to be configured in the FileWave Identity Provider settings for use with FileWave Device enrollment and/or FileWave Admin authentication.

    1. Begin by logging into the FileWave Web Admin and open the Settings button (gear icon in the header).
    2. Click the Edit button on the Okta App card that will be used for authentication.
    3. Check the Enrollment checkbox if you want to use this Okta App authentication for FileWave Device enrollment.

    ℹ️ Only one Identity Provider can be configured for FileWave Device Enrollment authentication.

    4. Check the Admin checkbox if you want to use this Okta App for FileWave Native and Web Admin console authentication.

    ℹ️ Only one Identity Provider App instance (Okta, Azure AD, etc.) can be configured with the Admin authentication for each type of Identity Provider.

    5. Click the Save button on the Okta App to confirm any authentication changes.

    Configure FileWave Admin IdP Groups

    Authenticate with Okta during FileWave Device Enrollment

    Login with Okta for FileWave Native or Web Admin Console

    • Once FileWave Admin IDP Groups are created for an Okta App, the Login with Okta option can be used with the FileWave Native or Web Admin console for authentication.
    • See:  Admin Login in Using an IdP Provider